﻿using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;

namespace DCBK
{
    public class Config
    {
        /// <summary>
        /// 身份认证资源集合
        /// </summary>
        public static IEnumerable<IdentityResource> Ids =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email(),
                new IdentityResources.Address(),
                new IdentityResources.Phone()
            };
        /// <summary>
        /// API资源集合
        /// </summary>
        public static IEnumerable<ApiResource> ApiScopes =>
           new List<ApiResource>
           {
                new ApiResource("api1", "My API")
           };
        /// <summary>
        /// 客户端资源集合
        /// </summary>
        public static IEnumerable<Client> Clients =>
            new List<Client>
            {
                new Client
                {
                    ClientId = "client",
 
                // no interactive user, use the clientid/secret for authentication
                AllowedGrantTypes = GrantTypes.ClientCredentials,
 
                // secret for authentication
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
 
                // scopes that client has access to
                AllowedScopes = { "api1" },
                ClientUri="http://localhost:5001"
            },
                 /// 资源所有者密码凭证（ResourceOwnerPassword）
                ///     Resource Owner其实就是User，所以可以直译为用户名密码模式。
                ///     密码模式相较于客户端凭证模式，多了一个参与者，就是User。
                ///     通过User的用户名和密码向Identity Server申请访问令牌。
                new Client
                {
                    ClientId = "client1",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    AllowedScopes = { "api1" }
                },
                 /// 授权码模式（Code）
                ///     适用于保密客户端（Confidential Client），比如ASP.NET MVC等服务器端渲染的Web应用
                new Client
                {
                    ClientId = "mvc client",
                    ClientName = "ASP.NET Core MVC Client",

                    AllowedGrantTypes = GrantTypes.Code,
                    ClientSecrets = { new Secret("mvc secret".Sha256()) },

                    RedirectUris = { "http://localhost:6001/signin-oidc" },
                    FrontChannelLogoutUri = "http://localhost:6001/signout-oidc",
                    PostLogoutRedirectUris = { "http://localhost:6001/signout-callback-oidc" },

                    AlwaysIncludeUserClaimsInIdToken = true,
                    AllowOfflineAccess = true,
                    //访问令牌的生存期（秒）（默认为3600秒/1小时）
                    AccessTokenLifetime = 60,
                    AllowedScopes =
                    {
                        "api1",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        IdentityServerConstants.StandardScopes.Address,
                        IdentityServerConstants.StandardScopes.Phone
                    }
                }
        };
    }

}
